New Linux for Cyber forensics and Investigators – CSI Linux

Introduction

Wherever we look in the world, cybercrime is rising sharply, so many companies have decided to set up cyber investigation labs to counter the crimes being committed.

So today we will talk about a new Linux variant designed by investigators for cyber forensics investigations. We will walk through this Linux distribution and see how it plays an important role in the evidence collection process and in installing the different applications used to examine and analyze a crime. According to a digital forensics expert at the International Institute of Cyber Security, this variant can be used for the detailed investigation process.

Basic Requirements for CSI Linux

  • CSI Linux requires more than 50 GB of free space to run the virtual machine images and 20 GB to download the VM file. You must also have at least 8 GB of RAM.
  • CSI Linux is specially designed for cyber investigation. It is a multi-purpose operating system with pre-installed tools for online investigation (social media accounts, website information, OSINT (open source investigation)), malware analysis, and security prevention (intrusion detection/prevention systems).

CSI Linux Categories

  • CSI Linux Investigator has three different platforms:
    • CSI Linux Analyst
    • CSI Linux Gateway
    • CSI Linux SIEM
CSI Linux Categories
  • CSI Linux Analyst
    • CSI Linux Analyst is the main investigation workstation, used for digital forensics; it covers tools to investigate, capture, analyze and report incidents.
  • CSI Linux Gateway
    • CSI Linux Gateway sends all CSI Linux Analyst traffic through the Tor Browser to hide the source IP address for additional safety, and most of the web tools are built to work with the Tor Browser.
  • CSI Linux SIEM
    • CSI Linux SIEM is used for incident response and intrusion detection. If our system gets compromised, we can use the SIEM tools to inspect system vulnerabilities. Tools included here are Autopsy, Kibana, and Elasticsearch.

Installation steps

Steps To Follow To Import CSI Linux

  • Click on the File menu.
  • Click on the Import Appliance option and select the CSI Linux file you downloaded.
  • Click Open and then Import.
CSI Import
  • After importing, our screen looks like this:
CSI Linux In VM Box
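The import steps above can also be scripted. As an added example (not code from CSI Linux or from the original post), the following POSIX shell script checks the two requirements stated earlier, at least 50 GB free for the VM images and at least 8 GB of RAM, and then imports the downloaded appliance with VirtualBox's VBoxManage, the command-line equivalent of File > Import Appliance. The appliance file name and the target folder are assumptions.

```shell
#!/bin/sh
# Added example (not CSI Linux's own code): verify the stated requirements,
# then import the appliance with VBoxManage instead of the VirtualBox GUI.

MIN_DISK_GB=50   # free space needed to run the VM images
MIN_RAM_GB=8     # minimum RAM stated for CSI Linux

# meets_requirements FREE_GB RAM_GB -> exit 0 when both minimums are met
meets_requirements() {
    [ "$1" -ge "$MIN_DISK_GB" ] && [ "$2" -ge "$MIN_RAM_GB" ]
}

# free_disk_gb DIR -> whole GB free on the filesystem holding DIR
free_disk_gb() {
    df -Pk "$1" | awk 'NR == 2 { printf "%d\n", $4 / 1024 / 1024 }'
}

# total_ram_gb -> whole GB of installed RAM (Linux /proc/meminfo)
total_ram_gb() {
    awk '/^MemTotal:/ { printf "%d\n", $2 / 1024 / 1024 }' /proc/meminfo
}

# import_csi_appliance OVA_FILE BASE_FOLDER
# Refuses to import when the host does not meet the requirements.
import_csi_appliance() {
    ova=$1
    base=$2
    free=$(free_disk_gb "$base")
    ram=$(total_ram_gb)
    if ! meets_requirements "$free" "$ram"; then
        echo "need ${MIN_DISK_GB} GB free and ${MIN_RAM_GB} GB RAM; have ${free} GB free, ${ram} GB RAM" >&2
        return 1
    fi
    # --vsys 0 selects the first virtual system in the appliance; --basefolder
    # stores the imported disks in the folder whose free space we just checked.
    VBoxManage import "$ova" --vsys 0 --basefolder "$base"
}

# Usage (file name and folder are assumed, not taken from the page):
#   sh import_csi.sh ./CSI_Linux_Analyst.ova "$HOME/VirtualBox VMs"
if [ $# -eq 2 ]; then
    import_csi_appliance "$1" "$2"
fi
```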
  • Let's start the CSI Linux Analyst OS and log in with the default username and password, both csi:
    • username: csi
    • password: csi
Login CSI Linux
  • The CSI Linux user interface looks like this:
CSI Desktop
  • Let's check the menu options in CSI Linux; this lists the tools available.
CSI Menu
  • The Dark Web option lists the dark web tools.
CSI Dark Web Tool

List of Open Source Tools Included in CSI Linux

  • Autopsy GUI
  • Catfish Search
  • Recon-ng
  • FBI (Facebook Information)
  • KeePassXC
  • Nmap
  • OSINTFramework
  • OSINT-Search
  • Maltego
  • Twitter feed pull
  • Wireshark
  • theHarvester
  • Sherlock